Call for in-house hackers

COMPANIES that are serious about security should have their own in-house hacker and make sure he is certified, says a security expert.

"Why do you want to train and certify hackers? To narrow the gap between the good and the bad guys," says EC-Council co-founder and president Sanjay Bavisi.

The New York-based security professional said at the Security Summit that good crackers could execute hacks so fast and flawlessly that once a business was compromised, they could steal everything of value and completely erase their tracks within 20 minutes.

The goal of the ethical hacker was to help organisations take pre-emptive measures against malicious attacks by attacking the system himself, all the while staying within legal limits. This philosophy stemmed from the proven practice of setting a thief to catch a thief.

"If people don't understand how hacking works, they can't defend against it. You must know exactly what the trade of a hacker is, how they work, what their tools are and then you reduce the threat.

"A lot of corporations and government agencies are with us and there are now ethical hackers," Bavisi explained.

"That's where we will see the reduction of gaps. So the most obvious security flaws will now not be exploited because the ethical hackers will block them and reduce the quantity of hackers coming after you because only the top breed will be able to get at you and that is a step in the right direction."

GETTING CERTIFIED

The EC-Council Web site argues that if hacking involves creativity and thinking "out-of-the-box", then vulnerability testing and security audits will not ensure the security proofing of an organisation.

"To ensure that organisations have adequately protected their information assets, they must adopt the approach of 'defence-in-depth'. In other words, they must penetrate their networks and assess the security posture for vulnerabilities and exposure," the site says.

It goes on to define an ethical hacker as similar to a penetration tester. The ethical hacker is an individual who is usually employed with the organisation and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a cracker.

The EC-Council's Certified Ethical Hacker (CEH) programme certifies individuals in the discipline. "CEH certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure."